Internet-of-Things (IoT) and Operational Technology (OT) devices represent a rapidly expanding, often unchecked risk surface affecting a wider array of industries and organizations... Ransomware attacks, previously perceived as an IT-focused attack vector, are today affecting OT environments... critical infrastructure is at increased risk.
- Microsoft Corporation
Percentage of companies with lack of visibility into all OT systems on
their networks (end of 2022)3
80%
OT systems attacked to implement malware (end of 2022)2
40.6%
Growth in vulnerabilities discovered in OT systems (end of 2022)3
27%
RackGuardian: The new Standard
Whether you need to protect your network closets, MDF or IDF rooms, Server
rooms or network edge sites, RackGuardian has your racks covered. We know
that most every company has to protect their racks and data to the latest
security standards, including:
The HIPAA security compliance standards require Comprehensive Cyber,
Physical and Operational Protection Measures. This includes HIPAA Security
for Racks. The following are quotations from HIPAA regulations:
Physical access monitoring and control - HIPAA Security for Racks is key for any healthcare organization or business
partner. The Department of Health and Human Services, nearly half of HIPAA
Security violations for 2016 involved breaches of Physical Security. HIPAA
regulations specifically define Physical Network Security requirements and
these include Section 164.310: Facility Access Controls. Implement policies and procedures to limit physical access to its
electronic information systems and the facility or facilities in which
they are housed, while ensuring that properly authorized access is
allowed. Physical access control is a key piece of HIPAA compliance and
must be implemented for all entities covered under this law.
Backup power monitoring and control
- Backup Power is a necessity to allow the protection of and access to critical
medical records in the event of a power back out or other power event. This
requirement is described in HIPAA Security “
164.308(a)(7)(ii)(C)
Establish (and implement as needed) procedures to enable continuation of
critical business processes for protection of the security of electronic
protected health information while operating in emergency mode. When a covered
entity is operating in emergency mode due to a technical failure or power
outage, security processes to protect EPHI must be maintained.”
Environmental monitoring and control - Medical records must be protected from more than just cyber or physical
threats. HIPAA Security standards require that they must also be protected
from destruction in the event of a natural or environmental event. This is
specifically provided for in HIPAA Section 164.304
“Physical safeguards are physical measures, policies, and procedures to protect
a covered entity's electronic information systems and related buildings and
equipment, from natural and environmental hazards…”
The Credit Card Payments PCI DSS security compliance standards require
Full Cyber, Physical and Operational Measures. The following quotes are
directly from the latest standards issued May 2015:
Cyber-secure access control
- Requirement 1.1 “Establish and implement firewall and router configuration
standards…Firewalls and routers are key components of the architecture that
controls entry to and exit from the network. These devices are software or
hardware devices that block unwanted access and manage authorized access
into and out of the network. Configuration standards and procedures will
help to ensure that the organization's first line of defense in the protection
of its data remains strong.” Firewalls must protect your system monitoring
traffic as well as your networked power and environmental monitoring systems.
Secure access monitoring and control
- Requirement 9 “Any physical access to data or systems that house cardholder
data provides the opportunity for individuals to access devices or data and
to remove systems or hardcopies, and should be appropriately restricted…
Criminals attempting to gain physical access to sensitive areas will often
attempt to disable or bypass the monitoring controls. Sensitive areas refer
to any data center, server room or any area that houses systems that store,
process, or transmit cardholder data.”
Power monitoring and control
- “Tie all access control and monitoring systems to an Uninterruptible Power
Source (UPS).” In addition, most all POS servers include UPS systems as a
standard component. Maintaining and monitoring all UPS systems is critical
to ensuring the integrity of all credit card data.
Environmental monitoring and control
- Inherent in PCI DSS standards are maintaining an environment conducive
to maximizing network equipment uptime. This includes proper cooling and
environmental controls for all areas in which data is transported or stored.
Gramm Leach Bliley Act security compliance standards require All
Appropriate Cyber, Physical and Operational Protection Measures be taken.
The following are quotations from the Federal Financial Institution
Examination Council's IT Examination Handbook as of July 2015:
Cybersecurity controls - “The institution should have a documented testing and evaluation plan
that addresses the integration of security controls, level of assurance desired,
and strategies and activities performed in obtaining that assurance.”
Physical access control - “Management should deploy adequate physical security in a layered or
zoned approach at every IT operations center commensurate with the value,
confidentiality, and criticality of the data stored or accessible and the
identified risks…An institution should implement policies and procedures
to prevent the removal of sensitive electronic information and data. These
policies should address the use of laptop computers, personal digital assistants,
and portable electronic storage devices.”
Environmental monitoring and control
- “Every operations center should have adequate heating, ventilation, and
air conditioning (HVAC) systems in order for personnel and equipment to function
properly. Older computer equipment produces a significant amount of heat,
requiring cooling capacity exceeding that of a standard office building.
Some newer models do not produce as much heat and thus do not require as
much air conditioning. Organizations should plan their HVAC systems with
the requirements of their computer systems in mind. Back-up sources of electricity
should be able to sustain HVAC systems, because inadequate cooling could
render computer equipment inoperable in a short period of time.”
Backup power monitoring and control
- “Computing equipment should have a continuous uninterrupted power source.
Management should take reasonable action to protect computing equipment power
sources. Consequently management should monitor and condition the voltage
of electricity sources to prevent power fluctuations…Management should configure
the UPS to provide sufficient electricity within milliseconds to power equipment
until there is an orderly shutdown…Power surges can also damage computer
equipment. Consequently management should monitor and condition or stabilize
the voltage of electricity sources to prevent power fluctuations.”
The FCC has recommended a number of cybersecurity measures be taken by telecommunications and broadband providers. Among those recommendations are the need to secure Operational Technology systems, such as backup generators and site HVAC systems, as-well-as Internet of Things devices, including Uninterruptible Power Supplies (UPS) and Power Distribution Units (PDU).
Reduce the attack surface by eliminating unnecessary Internet connections to IoT devices in the network. Apply network segmentation to prevent an attacker from moving laterally and compromising assets after intrusion. In particular, IoT and critical device networks should be isolated with firewalls.
Adopt comprehensive IoT and operational technology solution to monitor devices, respond to threats, and increase visibility in order to detect and alert when IoT devices with legacy server such as Boa are used as an entry point to a network.
Configure detection rules to identify malicious activity.
The Broadband Equity Access Deployment (BEAD) program will supply over $42 Billion in funding to states for the supply and installation of broadband systems for underserved communities in the U.S. The employment of cybersecurity systems for all IT and OT systems (including IoT) is a specific requirement for any successful bid to provide solutions for the BEAD program. Specifically, full compliance with President Biden's Executive Order 14028 is required in order for a bid to be accepted.
This executive order states the following:
"The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid. The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).”
RackGuardian has been developed with funding from the United States Air Force specifically to secure OT systems that support IT and telecom systems. RackGuardian has been thoroughly tested against actual cyberattacks in severe conditions to ensure that it is capable of withstanding attacks which are likely to take place against broadband and telecom sites. RackGuardian continues to be updated via its link to our secure cloud to ensure the best protection for the OT systems which support your broadband and telecom racks.
RackGuardian is the only rack management device that incorporates
an integrated firewall within its hardware. By plugging your rack
power, environmental and networking systems into the Private
Network Port of RackGuardian, their SNMP ports are now hidden to
the outside world.
Powerful Analytics for monitoring your Operational Technology systems
Traditional rack monitoring systems will send you large numbers of
nuisance alarms based on human-set alarm technology.
RackGuardian's patented Alarm Analytics learns the normal
operating conditions for your OT systems in your rack; it will
only raise an alarm when a statistically significant event is
occurring. RackGuardian is also perfect for the control room of
any process plant because it is fully 18.2 compliant.
Secure Cloud-Based App
In the past, rack monitoring systems have required you to view
your data via a local DCIM program or via a webpage directly on
the rack monitoring unit. Local DCIM software can only monitor a
finite number of devices and has to be continuously patched and
upgraded. Meanwhile, your rack monitoring unit must maintain open
ports which others could use for a cyber attack. AlphaGuardian's
secure cloud-based dashboard lets you monitor an unlimited number
of racks.
Contact us
Questions about RackGuardian? Send a message using this form, or send an
email to info@alphaguardian.net.
